Split DNS over a site to site VPN?

dkelcher
Level 1

Hello,

I have a remote office that has an 871W and that's using a site-to-site VPN to an ASA 5505.  Currently all DNS traffic is going to the main office for resolution.  Is it possible to configure a split DNS so internal lookups continue across the VPN, but external requests use the remote office ISP?

I do have split tunneling enabled, but I can't figure out how to split the DNS.

Thanks!

2 Replies

Hi,

I've done this in the ASA or Concentrator.
On the ASA you have the option to configure split-dns in environments with split tunneling. You go under the group-policy to configure the list of domains to be resolved through the split tunneling.

group-policy sales attributes
 split-dns value example.com

I've never done it in IOS routers, but it seems that it can be done.


Hope this link helps:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htspldns.html

Federico.

kgreenway
Level 1

Hi,

I have been trying to get the same feature working and at last succeeded.  I've posted my config below which was added on an 877W, so should be good for you in your scenario too.

ACL 101 is my inbound ACL against Dialer0 interface.

Thanks,

Kevin

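! Apply the view-list to DNS queries arriving on BVI1
interface BVI1
 ip dns view-group mycomp_viewlist

! View used for names that match name-list 10
ip dns view mycomp
 domain name-server 192.168.1.x
 domain name-server 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarding source-interface BVI1
! Default view used for every other name
ip dns view default
 domain name-server 212.x.x.x
 domain name-server 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
! View mycomp (order 5) is tried first, restricted to name-list 10; view default (order 10) follows
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.CO.UK
! Enable the router's DNS server
ip dns server

! ACL 101 (inbound on Dialer0): permit DNS replies from the 212.x.x.x servers
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023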
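
An added example, not part of the original posts and not Cisco code: a small Python model of the view-list in the config above, for checking which forwarders a given query name would be handed to, so that internal names do not leak to the external resolvers and unrelated names do not reach the internal ones. It assumes name-list patterns are matched case-insensitively and unanchored; the function names, forwarder labels, sample queries and the stricter pattern are constructed for illustration and should be confirmed against the router itself.

```python
import re

# Constructed model of the posted view-list; forwarder labels are placeholders
# because the post masks the real addresses.
NAME_LISTS = {10: [r".*.mycomp.CO.UK"]}            # pattern copied from the post
VIEW_LIST = [(5, "mycomp", 10), (10, "default", None)]  # (order, view, name-list)
FORWARDERS = {"mycomp": "internal 192.168.1.x", "default": "external 212.x.x.x"}

# Stricter pattern in Python regex syntax (constructed): escaped dots, anchored
# at both ends, zone apex included.
STRICT = {10: [r"^(.*\.)?mycomp\.co\.uk$"]}

# Constructed sample query names.
SAMPLES = [
    "mail.mycomp.co.uk",             # internal host
    "MAIL.MYCOMP.CO.UK",             # same host, upper case
    "mycomp.co.uk",                  # zone apex
    "www.example.com",               # ordinary external name
    "notmycomp.co.uk",               # a different registered domain
    "www.mycomp.co.uk.example.com",  # internal name embedded in another domain
]


def matches(list_id, qname, lists):
    """True if qname matches a permit pattern (assumed case-insensitive, unanchored)."""
    return any(re.search(p, qname, re.IGNORECASE) for p in lists[list_id])


def select_view(qname, lists=NAME_LISTS, view_list=VIEW_LIST):
    """Walk the views in ascending order; the first whose restriction passes wins."""
    for _order, view, restrict in sorted(view_list, key=lambda v: v[0]):
        if restrict is None or matches(restrict, qname, lists):
            return view
    return None


def audit(qnames, lists=NAME_LISTS):
    """Map each query name to the view that would answer it."""
    return {q: select_view(q, lists) for q in qnames}


if __name__ == "__main__":
    posted, strict = audit(SAMPLES), audit(SAMPLES, STRICT)
    for q in SAMPLES:
        print(f"{q:32} posted -> {FORWARDERS[posted[q]]:22} strict -> {FORWARDERS[strict[q]]}")
```

Under these assumptions the posted pattern sends the zone apex to the external resolvers and two non-company names to the internal ones, which is the kind of result worth confirming with test lookups on the router.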
